Does RBI Mandates Bank to Migration there Websites to the .bank.in Domain?

Recent discussions on social media have highlighted a directive from the Reserve Bank of India (RBI) requiring Indian banks to migrate their official websites to the .bank.in domain. This information is accurate and has been formally confirmed by the RBI.

RBI Directive and Timeline

In a circular dated April 22, 2025, the RBI instructed all banks operating in India to migrate their existing web domains to the .bank.in domain by October 31, 2025. Several leading banks have already completed or initiated this migration.

The objective of this mandate is to strengthen the security posture of online banking services and reduce the risk of phishing, spoofing, and fraudulent websites impersonating legitimate banks.

Domain Governance and Registration

The .bank.in domain is governed by the Indian National Internet Exchange (NIXI) under the Ministry of Electronics and Information Technology (MeitY). NIXI has appointed the Institute for Development and Research in Banking Technology (IDRBT) as the exclusive registrar for this domain.

As per the RBI circular:

“It has now been decided to operationalise the ‘.bank.in’ domain for banks through the Institute for Development and Research in Banking Technology (IDRBT), which has been authorised by the National Internet Exchange of India (NIXI), under the aegis of MeitY, to serve as the exclusive registrar for this domain.”

Banks are required to coordinate with IDRBT for registration and migration support. IDRBT can be contacted at sahyog@idrbt.ac.in for guidance on the application and transition process.

Purpose of the .bank.in Domain

The .bank.in domain is a restricted and authenticated namespace exclusively for regulated Indian banks. Its primary goals are:

• Reducing phishing and domain impersonation attacks
• Improving user trust in online banking platforms
• Providing a clear and consistent method for customers to identify legitimate bank websites

From a cybersecurity perspective, this significantly increases the effort required for attackers to mimic official banking portals and helps users quickly distinguish legitimate links from malicious ones.

Examples of Banks Using .bank.in

Several banks have already migrated their official websites, including:

• State Bank of India – https://sbi.bank.in
• HDFC Bank – https://www.hdfc.bank.in
• ICICI Bank – https://www.icici.bank.in
• Axis Bank – https://www.axis.bank.in
• Punjab National Bank – https://pnb.bank.in
• Bank of Baroda – https://www.bankofbaroda.bank.in
• Union Bank of India – https://www.unionbankofindia.bank.in
• Kotak Mahindra Bank – https://www.kotak.bank.in
• Yes Bank – https://www.yes.bank.in
• Bandhan Bank – https://bandhan.bank.in
• Karnataka Bank – https://www.karnatakabank.bank.in

Security Impact and User Awareness

With the adoption of the .bank.in domain, users can validate the authenticity of banking links received via email, SMS, or other communication channels. Any banking-related URL not using this domain should be treated with caution.

From a defensive security standpoint, this initiative introduces a strong trust anchor at the DNS and domain governance level, making large-scale banking fraud more difficult to execute.

Conclusion

The RBI’s mandate to migrate bank websites to the .bank.in domain is a structured and security-driven initiative aimed at reducing online fraud and improving trust in digital banking services. As the October 31, 2025 deadline approaches, full adoption across the banking sector is expected to become a key control in India’s financial cybersecurity framework.

This is a practical and effective step toward strengthening the security of digital banking infrastructure in India.